- name: d8.node-group-node-with-deprecated-availability-zone
  rules:
    - alert: NodeGroupNodeWithDeprecatedAvailabilityZone
      expr: |
        max by (node_group) (d8_node_group_node_with_deprecated_availability_zone) > 0
      for: 1m
      labels:
        tier: cluster
        severity_level: "9"
      annotations:
        plk_markup_format: markdown
        plk_protocol_version: "1"
        plk_create_group_if_not_exists__cluster_has_node_groups_deprecation_alerts: "AvailabilityZonesDeprecationAlerts,tier=cluster,prometheus=deckhouse,kubernetes=~kubernetes"
        plk_grouped_by__cluster_has_node_groups_deprecation_alerts: "AvailabilityZonesDeprecationAlerts,tier=cluster,prometheus=deckhouse,kubernetes=~kubernetes"
        summary: NodeGroup {{ $labels.node_group }} contains Nodes with deprecated availability zone.
        description: |
          Availability zone `ru-central1-c` is deprecated by Yandex.Cloud.
          You should migrate your Nodes, Disks and LoadBalancers to `ru-central1-a`, `ru-central1-b` or `ru-central1-d` (introduced in v1.56).
          To check which Nodes should be migrated, use `kubectl get node -l "topology.kubernetes.io/zone=ru-central1-c"` command.

          You can use [Yandex Migration Guide](https://cloud.yandex.com/en/docs/overview/concepts/zone-migration) (mostly applicable to the `ru-central1-d' zone only).

          **IMPORTANT** You cannot migrate public IP addresses between zones. Check out the Yandex Migration Guide for details.
    - alert: NATInstanceWithDeprecatedAvailabilityZone
      expr: |
        d8_cloud_provider_yandex_nat_instance_zone_deprecated > 0
      for: 1m
      labels:
        tier: cluster
        severity_level: "9"
      annotations:
        plk_markup_format: markdown
        plk_protocol_version: "1"
        plk_create_group_if_not_exists__cluster_has_node_groups_deprecation_alerts: "AvailabilityZonesDeprecationAlerts,tier=cluster,prometheus=deckhouse,kubernetes=~kubernetes"
        plk_grouped_by__cluster_has_node_groups_deprecation_alerts: "AvailabilityZonesDeprecationAlerts,tier=cluster,prometheus=deckhouse,kubernetes=~kubernetes"
        summary: NAT Instance `{{ $labels.name }}` is in deprecated availability zone.
        description: |
          Availability zone `ru-central1-c` is deprecated by Yandex.Cloud.
          You should migrate your NAT Instance to `ru-central1-a` or `ru-central1-b` zone.

          You can use the following instructions to migrate.

          **IMPORTANT** The following actions are destructive changes and cause downtime (typically a several tens of minutes, also it depending on the response time of Yandex Cloud).

          1. Migrate NAT Instance.

              Get `providerClusterConfiguration.withNATInstance`:
              ```
              kubectl -n d8-system exec -it deploy/deckhouse -- deckhouse-controller module values -g cloud-provider-yandex -o json | jq -c | jq '.cloudProviderYandex.internal.providerClusterConfiguration.withNATInstance'
              ```

              1. If you specified `withNATInstance.natInstanceInternalAddress` and/or `withNATInstance.internalSubnetID` in providerClusterConfiguration, you need to remove them with the following command:

                  ```
                  kubectl -n d8-system exec -it deploy/deckhouse -- deckhouse-controller edit provider-cluster-configuration
                  ```

              1. If you specified `withNATInstance.externalSubnetID` and/or `withNATInstance.natInstanceExternalAddress` in providerClusterConfiguration, you need to change these to the appropriate values.

                  You can get address and subnetID from Yandex.Cloud console or with CLI

                  Change `withNATInstance.externalSubnetID` and `withNATInstance.natInstanceExternalAddress` with the following command:
                  ```
                  kubectl -n d8-system exec -it deploy/deckhouse -- deckhouse-controller edit provider-cluster-configuration
                  ```

          1. Run the appropriate edition and version of the Deckhouse installer container on the **local** machine (change the container registry address if necessary) and do converge.

              1. Get edition and version of the Deckhouse:

                  ```
                  DH_VERSION=$(kubectl -n d8-system get deployment deckhouse -o jsonpath='{.metadata.annotations.core\.deckhouse\.io\/version}')
                  DH_EDITION=$(kubectl -n d8-system get deployment deckhouse -o jsonpath='{.metadata.annotations.core\.deckhouse\.io\/edition}' | tr '[:upper:]' '[:lower:]')
                  echo "DH_VERSION=$DH_VERSION DH_EDITION=$DH_EDITION"
                  ```

              1. Run the installer:

                  ```
                  docker run --pull=always -it -v "$HOME/.ssh/:/tmp/.ssh/" registry.deckhouse.io/deckhouse/${DH_EDITION}/install:${DH_VERSION} bash
                  ```

              1. Do converge:

                  ```
                  dhctl converge --ssh-agent-private-keys=/tmp/.ssh/<SSH_KEY_FILENAME> --ssh-user=<USERNAME> --ssh-host <MASTER-NODE-0-HOST>
                  ```

          1. Update route table

              1. Get route table name

                  ```
                  kubectl -n d8-system exec -it deploy/deckhouse -- deckhouse-controller module values -g cloud-provider-yandex -o json | jq -c | jq '.global.clusterConfiguration.cloud.prefix'
                  ```

              1. Get NAT Instance name:

                  ```
                  kubectl -n d8-system exec -it deploy/deckhouse -- deckhouse-controller module values -g cloud-provider-yandex -o json | jq -c | jq '.cloudProviderYandex.internal.providerDiscoveryData.natInstanceName'
                  ```

              1. Get NAT Instance internal IP

                  ```
                  yc compute instance list | grep -e "INTERNAL IP" -e <NAT_INSTANCE_NAME_FROM_PREVIOUS_STEP>
                  ```

              1. Update route

                  ```
                  yc vpc route-table update --name <ROUTE_TABLE_NAME_FROM_PREVIOUS_STEP> --route "destination=0.0.0.0/0,next-hop=<NAT_INSTANCE_INTERNAL_IP_FROM_PREVIOUS_STEP>"
                  ```
